github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/linux/setup_ubuntu-host_vmware-vm_x86-64-kernel.md

github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/docs/linux/setup_ubuntu-host_vmware-vm_x86-64-kernel.md (about)

     1  # Setup: Ubuntu host, VMware vm, x86-64 kernel
     2  
     3  These are the instructions on how to fuzz the x86-64 kernel in VMware Workstation with Ubuntu on the host machine and Debian Bullseye in the virtual machines.
     4  
     5  In the instructions below, the `$VAR` notation (e.g. `$GCC`, `$KERNEL`, etc.) is used to denote paths to directories that are either created when executing the instructions (e.g. when unpacking GCC archive, a directory will be created), or that you have to create yourself before running the instructions. Substitute the values for those variables manually.
     6  
     7  ## GCC and Kernel
     8  
     9  You can follow the same [instructions](/docs/linux/setup_ubuntu-host_qemu-vm_x86-64-kernel.md) for obtaining GCC and building the Linux kernel as when using QEMU.
    10  
    11  ## Image
    12  
    13  Install debootstrap:
    14  
    15  ``` bash
    16  sudo apt-get install debootstrap
    17  ```
    18  
    19  To create a Debian Bullseye Linux user space in the $USERSPACE dir do:
    20  ```
    21  sudo mkdir -p $USERSPACE
    22  sudo debootstrap --include=openssh-server,curl,tar,gcc,libc6-dev,time,strace,sudo,less,psmisc,selinux-utils,policycoreutils,checkpolicy,selinux-policy-default,firmware-atheros,open-vm-tools --components=main,contrib,non-free bullseye $USERSPACE
    23  ```
    24  
    25  Note: it is important to include the `open-vm-tools` package in the user space as it provides better VM management.
    26  
    27  To create a Debian Bullseye Linux VMDK do:
    28  
    29  ```
    30  wget https://raw.githubusercontent.com/google/syzkaller/master/tools/create-gce-image.sh -O create-gce-image.sh
    31  chmod +x create-gce-image.sh
    32  ./create-gce-image.sh $USERSPACE $KERNEL/arch/x86/boot/bzImage
    33  qemu-img convert disk.raw -O vmdk disk.vmdk
    34  ```
    35  
    36  The result should be `disk.vmdk` for the disk image and `key` for the root SSH key. You can delete `disk.raw` if you want.
    37  
    38  ## VMware Workstation
    39  
    40  Open VMware Workstation and start the New Virtual Machine Wizard.
    41  Assuming you want to create the new VM in `$VMPATH`, complete the wizard as follows:
    42  
    43  * Virtual Machine Configuration: Custom (advanced)
    44  * Hardware compatibility: select the latest version
    45  * Guest OS: select "I will install the operating system later"
    46  * Guest OS type: Linux
    47  * Virtual Machine Name and Location: select `$VMPATH` as location and "debian" as name
    48  * Processors and Memory: select as appropriate
    49  * Network connection: Use host-only networking
    50  * I/O Controller Type: LSI Logic
    51  * Virtual Disk Type: IDE
    52  * Disk: select "Use an existing virtual disk"
    53  * Existing Disk File: enter the path of `disk.vmdk` created above
    54  * Select "Customize Hardware..." and remove the "Printer" device if you have one. Add a new "Serial Port" device. For the serial port connection choose "Use socket (named pipe)" and enter "serial" for the socket path. At the end it should look like this:
    55  
    56  ![Virtual Machine Settings](vmw-settings.png?raw=true)
    57  
    58  When you complete the wizard, you should have `$VMPATH/debian.vmx`. From this point onward, you no longer need the Workstation UI.
    59  
    60  Starting the Debian VM (headless):
    61  ``` bash
    62  vmrun start $VMPATH/debian.vmx nogui
    63  ```
    64  
    65  Getting the IP address of the Debian VM:
    66  ``` bash
    67  vmrun getGuestIPAddress $VMPATH/debian.vmx -wait
    68  ```
    69  
    70  SSH into the VM:
    71  ``` bash
    72  ssh -i key root@<vm-ip-address>
    73  ```
    74  
    75  Connecting to the serial port of the VM (after it is started):
    76  ``` bash
    77  nc -U $VMPATH/serial
    78  ```
    79  
    80  Stopping the VM:
    81  ``` bash
    82  vmrun stop $VMPATH/debian.vmx
    83  ```
    84  
    85  If all of the above `vmrun` commands work, then you can proceed to running syzkaller.
    86  
    87  ## syzkaller
    88  
    89  Create a manager config like the following, replacing the environment variables $GOPATH, $KERNEL and $VMPATH with their actual values.
    90  
    91  ```
    92  {
    93  	"target": "linux/amd64",
    94  	"http": "127.0.0.1:56741",
    95  	"workdir": "$GOPATH/src/github.com/google/syzkaller/workdir",
    96  	"kernel_obj": "$KERNEL",
    97  	"sshkey": "$IMAGE/key",
    98  	"syzkaller": "$GOPATH/src/github.com/google/syzkaller",
    99  	"procs": 8,
   100  	"type": "vmware",
   101  	"vm": {
   102  		"count": 4,
   103  		"base_vmx": "$VMPATH/debian.vmx",
   104  	}
   105  }
   106  ```
   107  
   108  Run syzkaller manager:
   109  
   110  ``` bash
   111  mkdir workdir
   112  ./bin/syz-manager -config=my.cfg
   113  ```
   114  
   115  Syzkaller will create full clone VMs from the `base_vmx` VM and then use ssh to copy and execute programs in them.
   116  The `base_vmx` VM will not be started and its disk will remain unmodified.
   117  
   118  If you get issues after `syz-manager` starts, consider running it with the `-debug` flag.
   119  Also see [this page](/docs/troubleshooting.md) for troubleshooting tips.